Date: Sat, 8 Sep 2001 21:08:12 -0400 (EDT)
From: "Andrew R. Reiter" <arr@watson.org>
To: Kris Kennaway <kris@obsecurity.org>, bright@mu.org, bde@zeta.org.au
Cc: security@freebsd.org
Subject: Re: netbsd vulnerabilities
Message-ID: <Pine.NEB.3.96L.1010908210131.14583A-100000@fledge.watson.org>
In-Reply-To: <Pine.NEB.3.96L.1010908063851.9148A-200000@fledge.watson.org>

So, I'd like to bring this to conclusion as this bug sucks :-(

So, I propose that the patch I submitted is "ok" (:-)) b/c it #1 solves the
unsigned -> int -> unsigned (copyin call) issue, and #2 conforms to what is
specified in the man page _and_ in sys/sys/sem.h. However, if this is not the
correct usage of semop(), ie. we don't want to have it unsigned, then we must
#1 fix to check < 0 for the vuln, #2 fix the man page, #3 fix code that was
written to the man page spec, and #4 fix sys/sys/sem.h.

Thoughts?

Andrew

*-------------.................................................
| Andrew R. Reiter
| arr@fledge.watson.org
| "It requires a very unusual mind
| to undertake the analysis of the obvious" -- A.N. Whitehead
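The two fixes weighed in the message above, as an added example that is not part of the original e-mail and is not FreeBSD source: a count held in an int with only an upper-bound check, next to the unsigned form and the "check < 0" form. MAX_OPS, struct op, copy_request() and the three check functions are hypothetical stand-ins; copy_request() only models the length a copyin()-style call would receive.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_OPS 100                      /* hypothetical per-call limit */
struct op { unsigned short num; short val; short flg; }; /* stand-in for struct sembuf */

/* Model of a copyin()-style call: returns the byte count it was asked to copy. */
static size_t copy_request(size_t len) { return len; }

/* Before: the count sits in an int and only the upper bound is checked, so a
 * negative value passes and turns into a huge length once it becomes size_t. */
static int check_signed_upper_only(int nops, size_t *req)
{
    if (nops > MAX_OPS)
        return -1;
    *req = copy_request((size_t)nops * sizeof(struct op));
    return 0;
}

/* Fix 1: keep the count unsigned end to end; one comparison covers the range. */
static int check_unsigned(unsigned nops, size_t *req)
{
    if (nops > MAX_OPS)
        return -1;
    *req = copy_request((size_t)nops * sizeof(struct op));
    return 0;
}

/* Fix 2: keep the int, but reject negative counts before the length is built. */
static int check_signed_both(int nops, size_t *req)
{
    if (nops < 0 || nops > MAX_OPS)
        return -1;
    *req = copy_request((size_t)nops * sizeof(struct op));
    return 0;
}

int main(void)
{
    size_t req = 0;
    int rc = check_signed_upper_only(-1, &req);   /* constructed bad input */
    printf("upper-only: rc=%d requested=%zu bytes\n", rc, req);
    printf("unsigned:   rc=%d\n", check_unsigned((unsigned)-1, &req));
    printf("both sides: rc=%d\n", check_signed_both(-1, &req));
    return 0;
}
```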
